Abstract
In this paper, we propose P2PM-pay scheme which provides two key points. The first key point is related with the mobile cash. In P2PM-pay scheme, the mobile cash is controlled by the expiration date. The expiration date is embedded into the mobile cash by partial blind signature during the withdrawal date, and the bank does not hold information about the operation. Moreover, we have considered the effective date and deposit date for administrative purposes. The effective date is when customers use their mobile cash to pay for products, and the deposit date is when merchants receive the funds in their bank account. The other key point is related with the authentication process among participants. Although P2PM-pay uses WTLS protocol, we propose a wireless public key infrastructure with an efficient certificate path validation. Furthermore, the design of the proposed scheme achieves successfully the security requirements described in previous works. Consequently, P2PM-pay is secure against well-known attacks and efficient in terms of processing time.
Similar content being viewed by others
References
Leavitt, N. (2010). Payment applications make e-commerce mobile. Computer, 43(12), 19–22.
To, W.-M., & Lai, S.-L. (2014). Mobile banking and payment in China. IT Professional, 16(3), 22–27.
Martínez-Peláez, R., et al. (2008). Performance analysis of mobile payment protocols over the Bluetooth wireless network. In 6th CollECTeR Iberoamérica.
Tracz, R., & Wrona, K. (2001). Fair electronic cash withdrawal and change return for wireless networks. In ACM international workshop on mobile commerce.
Kungpisdan, S., Srinivasan, B., & Le, P.D. (2003). Lightweight mobile credit-card payment protocol. In 4th International conference on cryptology in India, progress in cryptology-Indocrypt’03. Springer-Verlag.
Abbadasari, R., Mukkamala, R., & Kumari, V. (2004). Mobicoin: Digital cash for m-commerce. In International conference on distributed computing and internet technology. Springer-Verlag.
Hu, Z.Y., et al. (2004). Anonymous micropayments authentication (AMA) in mobile data network. In 23rd Annual joint conference of the IEEE computer and communications societies. IEEE Press.
Song, R., & Korba, L. (2004). How to make E-cash with non-repudiation and anonymity. In International conference on information technology: Coding and computing. IEEE Press.
Fong, S., & Lai, E. (2005). Mobile mini-payment scheme using sms-credit. In Computational science and its applications. Springer-Verlag.
Lee, B.-K., Lee, T.-C., & Yang, S.-H. (2005). A MEP (mobile electronic payment) and IntCA protocol design. In 1st International conference on high performance computing and communications. Springer-Verlag.
Téllez, J., et al. (2006). Anonymous payment in a kiosk centric model using digital signature scheme with message recovery and low computational power device. Journal of Theoretical and Applied Electronic Commerce Research, 1(2), 1–11.
Zhang, L., Yin, J. P. & Zhan, Y. B. (2006). An anonymous digital cash and fair payment protocol utilizing smart card in mobile environments. In 5th International conference on grid and cooperative computing workshops.
Hwang, R. J., Shiau, S. H., & Jan, D. F. (2007). A new mobile payment scheme for roaming services. Electronic Commerce Research and Applications, 6(2), 184–191.
Téllez, J., & Sierra, J. (2007). A secure payment protocol for restrictred connectivity scenarios in m-commerce. In EC-WEB. Springer-Verlag.
Hassinen, M., Hyppönen, K., & Trichina, E. (2008). Utilizing national public-key infrastructure in mobile payment systems. Electronic Commerce Research and Applications, 7(2), 214–231.
Lin, P., et al. (2008). A secure mobile electronic payment architecture platform for wireless mobile networks. IEEE Transactions on Wireless Communications, 7(7), 2705–2713.
Martínez-Peláez, R., Rico-Novella, F., & Satizabal, C. (2008). Mobile payment protocol for micropayments: Withdrawal and payment anonymous. In International conference on new technologies, mobility and security. Tangier, Morocco. IEEE.
Ahamad, S. S., Udgata, S. K., & Sastry, V. N. (2012). A new mobile payment system with formal verification. International Journal Internet Technology and Secured Transactions, 4(1), 71–103.
Deya, A.-P. I., et al. (2012). Anonymous, fair and untraceable micropayment scheme: Application to LBS. IEEE Latin America Transactions, 10(3), 1774–1784.
Chen, C.-L., & Chien, C.-F. (2013). An ownership transfer scheme using mobile RFIDs. Wireless Personal Communications, 68, 1093–1119.
Wakadha, H., et al. (2013). The feasibility of using mobile-phone based SMS reminders and conditional cash transfers to improve timely immunization in rural Kenya. Vaccine, 31, 987–993.
Yang, J.-H., Chang, Y.-F., & Chen, Y.-H. (2013). An efficient authenticated encryption scheme based on ECC and its application for electronic payment. Information Technology and Control, 42(4), 315–324.
Javan, S. L., & Bafghi, A. G. (2014). An anonymous mobile payment protocol based on SWPP. Electronic Commerce Research,. doi:10.1007/s10660-014-9151-6.
Leavitt, N. (2012). Are mobile payments ready to cash in yet? Computer, 45(9), 15–18.
Martínez-Peláez, R., Rico-Novella, F., & Satizabal, C. (2010). Study of mobile payment protocols and its performance evaluation on mobile devices. International Journal of Information Technology and Management, 9(3), 337–356.
Putland, P. A., Hill, J., & Tsapikidis, D. (1997). Electronic payment systems. BT Technology Journal, 15(2), 32–38.
Kadhiwala, S., & Muhammad, S. (2007). Analysis of mobile payment security measures and different standards. Computer Fraud and Security, 2007(6), 12–16.
Chaum, D. (1983). Blind signatures for untraceable payments. In Advances in cryptology—Crypto’82. Springer.
Fan, C. I., Chen, W. K., & Yeh, Y. S. (2000). Date attachable electronic cash. Computer Communications, 23(4), 425–428.
Chang, C.-C., & Lai, Y.-P. (2003). A flexible date-attachment scheme on e-cash. Computers and Security, 22(2), 160–166.
Juang, W. S. (2007). D-cash: A flexible pre-paid e-cash scheme for date-attachment. Electronic Commerce Research and Applications, 6(1), 74–80.
Martínez-Peláez, R., Rico-Novella, F., & Satizabal, C. (2010). TOMIN: Trustworthy mobile cash with expiration-date attached. Journal of Software, 5(6), 579–584.
Fan, C.-I., Sun, W.-Z., & Hau, H.-T. (2014). Date attachable offline electronic cash scheme. Hindawi Publishing Corporation,. doi:10.1155/2014/216973.
Abe, M., & Fujisaki, E. (1996). How to date blind signatures. In International conference on the theory and applications of cryptology and information security: Advances in cryptology. Springer-Verlag.
Satizabal, C., Páez, R., & Forné, J. (2005). PKI Trust Relationship Using Hash Chains. In International conference on advances in the internet, processing, systems and interdisciplinary research, (IPSI’05). Carcassonne, France.
Satizabal, C., et al. (2007). Reducing the computational cost of certification path validation in mobile payment. In 4th European PKI workshop: Theory and practice on public key infrastructure. Palma de Mallorca, Spain. Springer-Verlag.
WAPForum. (2001). Wireless transport layer security, specification WAP-261-WTLS-20010406-a.
Bruno, R., Conti, M., & Gregori, E. (2002). Bluetooth: Architecture, protocols and scheduling algorithms. Cluster Computing, 5, 117–131.
Assora, M., Kadirire, J., & Shirvani, A. (2007). Using WPKI for security of web transaction. In E-commerce and web technologies. Springer-Verlag.
Satizabal, C., Paez, R., & Forne, J. (2007). WAP PKI and certification path validation. International Journal of Internet Protocol Technology, 2(2), 88–95.
Martínez-Peláez, R., et al. (2008). Efficient certificate path validation and its application in mobile payment protocols. In International workshop on frontiers in availability, reliability and security. IEEE Press.
Satizabal, C., et al. (2010). Reducing the computational cost of the authentication process in SET protocol. Ingeniería y Desarrollo, 27, 1–24.
NIST. (1995). Secure hash standard (SHA), FIPS PUB 180-1. National Institute of Standards and Technology. http://www.itl.nist.gov/fipspubs/fip180-1.htm.
Daswani, N. (2000). Cryptographic execution time for WTLS handshakes on palm OS devices. Certicom Public Key Solutions.
Gupta, V., et al. (2002). Performance analysis of elliptic curve cryptography for SSL. In 3rd ACM workshop on wireless security. Georgia, USA.
Levi, A., & Savas, E. (2003). Performance evaluation of public-key cryptosystem operations in WTLS protocol. In 8th IEEE international symposium on computers and communication. IEEE.
Argyroudis, P.G., et al. (2004). Performance analysis of cryptographic protocols on handheld devices. In 3rd IEEE International symposium on network computing and applications.
Tillich, S., & Grobschädl, J. (2004). A survey of public-key cryptography on J2ME-enabled mobile devices. In 19th International symposium on computer an information sciences. Antalya, Turkey.
van der Heijden, H. (2002). Factors affecting the successful introduction of mobile payment system. In Proceedings of 15th bled electronic commerce conference eReality: Constructing the eEconomy.
Acknowledgments
We thank the anonymous reviewers for their constructive comments which helped us improve the presentation and quality of this paper. Moreover, we would like to thank Leslie Cedeño and Monica Padilla for their support. This work was partially sponsored by SEP-CONACyT CB-2011-01 Project 167859.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Martínez-Peláez, R., Toral-Cruz, H., Ruiz, J. et al. P2PM-pay: Person to Person Mobile Payment Scheme Controlled by Expiration Date. Wireless Pers Commun 85, 289–304 (2015). https://doi.org/10.1007/s11277-015-2738-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-015-2738-y